chromeos: Check both original and absolute paths for file: scheme

chrome/browser/net/chrome_network_delegate.cc

Index: chrome/browser/net/chrome_network_delegate.cc
diff --git a/chrome/browser/net/chrome_network_delegate.cc b/chrome/browser/net/chrome_network_delegate.cc
index 878fe38e7c1efc676d643edc96053bc848aa9faf..d88f8a124dc4cab8eb68034f1ba8ccc5fd6fa683 100644
--- a/chrome/browser/net/chrome_network_delegate.cc
+++ b/chrome/browser/net/chrome_network_delegate.cc
@@ -448,8 +448,10 @@ bool ChromeNetworkDelegate::OnCanSetCookie(const net::URLRequest& request,
   return allow;
 }
 
-bool ChromeNetworkDelegate::OnCanAccessFile(const net::URLRequest& request,
-                                            const base::FilePath& path) const {
+bool ChromeNetworkDelegate::OnCanAccessFile(
+    const net::URLRequest& request,
+    const base::FilePath& original_path,
+    const base::FilePath& absolute_path) const {
 #if defined(OS_CHROMEOS)
   // If we're running Chrome for ChromeOS on Linux, we want to allow file
   // access. This is checked here to make IsAccessAllowed() unit-testable.
@@ -459,6 +461,15 @@ bool ChromeNetworkDelegate::OnCanAccessFile(const net::URLRequest& request,
   }
 #endif
 
+#if defined(OS_CHROMEOS)
+  // Use the absolute path on Chrome OS so that symbolic links that point to
+  // paths outside of the whitelist are rejected.
+  const base::FilePath& path = absolute_path;
+#else
+  // Use the original path on Android. Android's whitelist relies on symbolic
+  // links (ex. /sdcard is whitelisted and commonly a symbolic link).
+  const base::FilePath& path = original_path;
+#endif
   return IsAccessAllowed(path, profile_path_);
 }
 
@@ -469,7 +480,6 @@ bool ChromeNetworkDelegate::IsAccessAllowed(
 #if !defined(OS_CHROMEOS) && !defined(OS_ANDROID)
   return true;
 #else
-
 #if defined(OS_CHROMEOS)
   // Use a whitelist to only allow access to files residing in the list of
   // directories below.